Apple’s Touch ID might seem ultra-secure to you and me (and way more so than our old “1234” passcodes), but businesses dealing in sensitive information seem to need a little more convincing. To meet concern over the security of the fingerprint scanning Home button, Apple has updated its “iPhone in Business” Web page, detailing both Touch ID and the “Secure Enclave” that works alongside the feature.

In a new PDF, titled “iOS Security,” Apple reiterates that Touch ID and its Secure Enclave store only data from scanned fingerprints, rather than actual images. Using a secure boot process, the Enclave – a coprocessor inside of Apple’s A7 processor – verifies and signs information independently of other iOS hardware and software. Even if an iOS device is compromised, Apple stresses that the contents of this Secure Enclave are entirely inaccessible:

Each Secure Enclave is provisioned during fabrication with its own UID (Unique ID) that is not accessible to other parts of the system and is not known to Apple. When the device starts up, an ephemeral key is created, tangled with its UID, and used to encrypt the Secure Enclave’s portion of the device’s memory space.

Additionally, data that is saved to the file system by the Secure Enclave is encrypted with a key tangled with the UID and an anti-replay counter.

As such, even though the 64-bit A7 processor deals with data collected from Touch ID, the information sourced from the fingerprint scanner is encrypted and can’t be read by the A7 chip; only the Secure Enclave can provide authentication:

It’s encrypted and authenticated with a session key that is negotiated using the device’s shared key that is built into the Touch ID sensor and the Secure Enclave. The session key exchange uses AES key wrapping with both sides providing a random key that establishes the session key and uses AES-CCM transport encryption.
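The session-key exchange described in the passage above, sketched as an added example; it is not Apple's code and does not come from the iOS Security document. It assumes Python's cryptography package, RFC 3394 key wrap, 128-bit keys and an HKDF step for combining the two random keys, none of which the quoted text specifies, and Endpoint and run_exchange are hypothetical names.

```python
import os
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.ciphers.aead import AESCCM
from cryptography.hazmat.primitives.kdf.hkdf import HKDF
from cryptography.hazmat.primitives.keywrap import aes_key_unwrap, aes_key_wrap


class Endpoint:
    """One side of the link (sensor or enclave); hypothetical name."""

    def __init__(self, shared_key: bytes):
        self.shared_key = shared_key        # key built into both parts
        self.own_random = os.urandom(16)    # this side's random contribution
        self.session_key = None

    def offer(self) -> bytes:
        # AES key wrap (RFC 3394 assumed) of the random key under the shared key.
        return aes_key_wrap(self.shared_key, self.own_random)

    def accept(self, peer_offer: bytes, initiator: bool) -> None:
        # Raises InvalidUnwrap if the peer wrapped with a different shared key.
        peer_random = aes_key_unwrap(self.shared_key, peer_offer)
        first, second = ((self.own_random, peer_random) if initiator
                         else (peer_random, self.own_random))
        # Assumption: the page does not say how the two random keys are
        # combined; HKDF-SHA256 over their concatenation stands in here.
        self.session_key = HKDF(algorithm=hashes.SHA256(), length=16, salt=None,
                                info=b"constructed-session-label").derive(first + second)

    def seal(self, nonce: bytes, data: bytes) -> bytes:
        # AES-CCM transport encryption: ciphertext plus 16-byte tag.
        return AESCCM(self.session_key).encrypt(nonce, data, None)

    def open(self, nonce: bytes, sealed: bytes) -> bytes:
        # Raises cryptography.exceptions.InvalidTag on any modification.
        return AESCCM(self.session_key).decrypt(nonce, sealed, None)


def run_exchange(sensor_key: bytes, enclave_key: bytes, frame: bytes) -> bytes:
    sensor, enclave = Endpoint(sensor_key), Endpoint(enclave_key)
    sensor_offer, enclave_offer = sensor.offer(), enclave.offer()
    sensor.accept(enclave_offer, initiator=True)
    enclave.accept(sensor_offer, initiator=False)
    nonce = os.urandom(13)  # must never repeat under one session key
    # Anything relaying this traffic sees only wrapped keys and CCM ciphertext.
    return enclave.open(nonce, sensor.seal(nonce, frame))
```

A sensor and enclave that do not hold the same shared key fail at the unwrap step, before any session key exists.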